Manually scanning an image for OS vulnerabilities in Amazon ECR
If your repositories aren't configured to scan on push, you
can manually start image scans. An image can be scanned once per 24 hours. The 24
hours includes the initial scan on push, if configured, and any manual scans.
For troubleshooting details for some common issues when scanning images, see Troubleshooting image scanning in
Amazon ECR.
- Amazon Web Services Management Console
  Use the following steps to start a manual image scan using the Amazon Web Services Management Console.
  - Open the Amazon ECR console at https://console.aws.amazon.com/ecr/private-registry/repositories
  - From the navigation bar, choose the Region to create your repository in.
  - In the navigation pane, choose Repositories.
  - On the Repositories page, choose the repository that contains the image to scan.
  - On the Images page, select the image to scan and then choose Scan.
- Amazon CLI
  start-image-scan (Amazon CLI)
  The following example uses an image tag.
      aws ecr start-image-scan --repository-name name \
          --image-id imageTag=tag_name \
          --region us-east-2
  The following example uses an image digest.
      aws ecr start-image-scan --repository-name name \
          --image-id imageDigest=sha256_hash \
          --region us-east-2
- Amazon Tools for Windows PowerShell
  Get-ECRImageScanFinding (Amazon Tools for Windows PowerShell)
  The following example uses an image tag.
      Start-ECRImageScan -RepositoryName name `
          -ImageId_ImageTag tag_name `
          -Region us-east-2 `
          -Force
  The following example uses an image digest.
      Start-ECRImageScan -RepositoryName name `
          -ImageId_ImageDigest sha256_hash `
          -Region us-east-2 `
          -Force
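
The following wrapper around the start-image-scan command accounts for the once-per-24-hours limit, so a pipeline can reuse the previous scan instead of failing. It is an added example, not part of the AWS documentation: the function names are hypothetical, it also uses the `aws ecr wait image-scan-complete` and `aws ecr describe-image-scan-findings` commands, and it assumes the limit surfaces as `LimitExceededException` in the CLI error text.

```shell
# Added example, not AWS's code. Repository, tag and Region are caller-supplied.

# Start a manual scan. Prints "started", or "reused" when ECR rejects the
# request because the image was already scanned in the last 24 hours
# (assumed to surface as LimitExceededException in the CLI error text).
start_scan() {
  local repo="$1" tag="$2" region="$3" err
  if err=$(aws ecr start-image-scan --repository-name "$repo" \
        --image-id imageTag="$tag" --region "$region" 2>&1 >/dev/null); then
    echo started
  elif printf '%s' "$err" | grep -q LimitExceededException; then
    echo reused
  else
    printf '%s\n' "$err" >&2
    return 1
  fi
}

# Wait until the scan is COMPLETE, then print the "<CRITICAL> <HIGH>" counts.
# A severity with no findings is absent from the response and prints "None".
severity_counts() {
  local repo="$1" tag="$2" region="$3"
  aws ecr wait image-scan-complete --repository-name "$repo" \
      --image-id imageTag="$tag" --region "$region" || return 1
  aws ecr describe-image-scan-findings --repository-name "$repo" \
      --image-id imageTag="$tag" --region "$region" --output text \
      --query 'imageScanFindings.findingSeverityCounts.[CRITICAL, HIGH]'
}

# Returns 0 if no CRITICAL/HIGH findings, 1 if there are, 2 on scan errors.
scan_gate() {
  local repo="$1" tag="$2" region="$3" state counts crit high
  state=$(start_scan "$repo" "$tag" "$region") || return 2
  counts=$(severity_counts "$repo" "$tag" "$region") || return 2
  set -- $counts                      # split the two counts on whitespace
  crit=${1:-0}; high=${2:-0}
  case $crit in None) crit=0 ;; esac
  case $high in None) high=0 ;; esac
  echo "scan=$state critical=$crit high=$high"
  [ "$crit" -eq 0 ] && [ "$high" -eq 0 ]
}
```

Call it as `scan_gate name tag_name us-east-2` and branch on the exit status; an error other than the scan limit is passed through on stderr and returns 2.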